OpenClaw is becoming a test case for how quickly companies will move when a promising AI tool also looks risky. The agentic AI software has attracted coders and social media attention, but its ability to operate across a user’s computer is prompting some executives to keep it away from work systems.
The concern is not that companies see no value in the technology. The concern is that OpenClaw can interact with apps, browse the web, organize files, and perform other tasks after relatively limited setup and direction. For security teams, that makes it both useful and hard to trust inside environments that hold company data, client information, and developer access.
Why OpenClaw is raising alarms
OpenClaw was launched last November by Peter Steinberger as a free, open source tool. It was briefly known as MoltBot, and its popularity surged last month as other coders added features and shared their experiences on social media.
Its appeal comes from what it can do once a technically capable user gets it running. The tool requires basic software engineering knowledge to set up, but after that it can take control of a user’s computer and work with other apps. The source describes tasks such as organizing files, conducting web research, and shopping online.
That broad access is exactly what worries executives. A Meta executive told his team to keep OpenClaw off regular work laptops or risk losing their jobs. He told reporters he believes the software is unpredictable and could lead to a privacy breach if used in secure environments. He spoke anonymously so he could talk frankly.
Other cybersecurity professionals have publicly urged companies to strictly control workforce use of OpenClaw. The pattern is clear: the tool’s capabilities are interesting enough to explore, but many companies are treating it as too risky for ordinary corporate devices.
Companies are choosing containment first
Jason Grad, cofounder and CEO of Massive, sent a warning to the 20 employees at his tech startup on January 26. In a Slack message, he wrote, “You’ve likely seen Clawdbot trending on X/LinkedIn. While cool, it is currently unvetted and high-risk for our environment.” He also told staff: “Please keep Clawdbot off all company hardware and away from work-linked accounts.”
Grad says the message went out before any Massive employees had installed OpenClaw. His explanation was direct: “Our policy is, ‘mitigate first, investigate second’ when we come across anything that could be harmful to our company, users, or clients.”
Valere, a tech company that works on software for organizations including Johns Hopkins University, reacted similarly. On January 29, an employee mentioned OpenClaw in an internal Slack channel for sharing new technology to try. Valere’s president quickly responded that OpenClaw was strictly banned, according to Valere CEO Guy Pistone.
Pistone’s concern centered on what could happen if the tool gained access to a developer’s machine. “If it got access to one of our developer’s machines, it could get access to our cloud services and our clients’ sensitive information, including credit card information and GitHub codebases,” he says. “It’s pretty good at cleaning up some of its actions, which also scares me.”
Testing continues, but under tighter conditions
Valere did not stop at a permanent refusal. A week later, Pistone allowed the company’s research team to run OpenClaw on an employee’s old computer. The purpose was to look for flaws and possible fixes that could make the software more secure.
The research team later recommended limiting who can give OpenClaw orders. It also advised exposing the tool to the Internet only if a password protects its control panel, to reduce the risk of unwanted access.
In a report shared with WIRED, Valere researchers warned that users have to “accept that the bot can be tricked.” One example involved OpenClaw summarizing a user’s email. A hacker could send a malicious email instructing the AI to share copies of files on the person’s computer.
Pistone still sees a path forward if safeguards can be developed. He has given a Valere team 60 days to investigate. “If we don’t think we can do it in a reasonable time, we’ll forgo it,” he says. “Whoever figures out how to make it secure for businesses is definitely going to have a winner.”
Not every company is using a blanket ban
Some companies are relying on existing security controls rather than creating a special rule for OpenClaw. A CEO of a major software company said only about 15 programs are allowed on corporate devices, and anything else should be automatically blocked. The executive spoke anonymously to discuss internal security protocols.
That approach treats OpenClaw as part of a broader device-management problem. If a company already restricts software installation tightly, it may see less need for a one-off ban. The executive said OpenClaw is innovative, but doubted it could operate on the company’s network undetected.
Other organizations are creating separate spaces for experimentation. Jan-Joost den Brinker, chief technology officer at Prague-based compliance software developer Dubrink, bought a dedicated machine that is not connected to company systems or accounts. Employees can use that machine to try OpenClaw, but the company is not using it for business work. “We aren’t solving business problems with OpenClaw at the moment,” he says.
The business pull is still strong
Even companies that are restricting OpenClaw are not necessarily walking away from it. Massive has tested the tool on isolated machines in the cloud. Last week, it released ClawPod, a way for OpenClaw agents to use Massive’s services to browse the web.
That combination captures the tension around agentic AI. OpenClaw is still not welcome on Massive’s systems without protections, but the potential commercial opportunity is too large for the company to ignore. Grad’s view is that OpenClaw “might be a glimpse into the future. That’s why we’re building for it.”
For now, the emerging consensus is not simple rejection. It is controlled access, dedicated machines, isolated cloud environments, password-protected control panels, and rules about who can issue commands. OpenClaw’s rise shows that agentic AI tools may force companies to move faster on security decisions than their normal evaluation cycles allow.